JN0-333 Online Practice Questions and Answers

Click the Exhibit button.

Which feature is enabled with destination NAT as shown in the exhibit?

A. NAT overload

B. block allocation

C. port translation

D. NAT hairpinning

Which two modes are supported during the Phase 1 IKE negotiations used to establish an IPsec tunnel? (Choose two.)

A. transport mode

B. aggressive mode

C. main mode

D. tunnel mode

Click the Exhibit button.

You are monitoring traffic, on your SRX300 that was configured using the factory default security parameters. You notice that the SRX300 is not blocking traffic between Host A and Host B as expected.

Referring to the exhibit, what is causing this issue?

A. Host B was not assigned to the Untrust zone.

B. You have not created address book entries for Host A and Host B.

C. The default policy has not been committed.

D. The default policy permits intrazone traffic within the Trust zone.

Which three statements describes traditional firewalls? (Choose three.)

A. A traditional firewall performs stateless packet processing.

B. A traditional firewall offers encapsulation, authentication, and encryption.

C. A traditional firewall performs stateful packet processing.

D. A traditional firewall forwards all traffic by default.

E. A traditional firewall performs NAT and PAT.

What are the maximum number of redundancy groups that would be used on a chassis cluster?

A. The maximum number of redundancy groups use is equal to the number of configured physical interfaces.

B. The maximum number of redundancy groups use is equal to one more than the number of configured physical interfaces.

C. The maximum number of redundancy groups use is equal to the number of configured logical interfaces.

D. The maximum number of redundancy groups use is equal to one more than the number of configured logical interfaces.

Clients at a remote office are accessing a website that is against your company Internet policy. You change the action of the security policy that controls HTTP access from permit to deny on the remote office SRX Series device. After committing the policy change, you notice that new users cannot access the website but users that have existing sessions on the device still have access. You want to block all user sessions immediately.

Which change would you make on the SRX Series device to accomplish this task?

A. Add the set security flow tcp-session rst-invalidate-session option to the configuration and commit the change.

B. Add the set security policies policy-rematch parameter to the configuration and commit the change.

C. Add the security flow tcp-session strict-syn-check option to the configuration and commit the change.

D. Issue the commit full command from the top of the configuration hierarchy.

What are three defined zone types on an SRX Series device?

A. dynamic

B. junos-host

C. null

D. functional

E. routing

You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.

Which two configuration parameters should you verify are correct? (Choose two.)

A. Verify that the IKE gateway proposals on the initiator and responder are the same.

B. Verify that the VPN tunnel configuration references the correct IKE gateway.

C. Verify that the IPsec policy references the correct IKE proposals.

D. Verify that the IKE initiator is configured for main mode.

Which type of VPN provides a secure method of transporting encrypted IP traffic?

A. IPsec

B. Layer 3 VPN

C. VPLS

D. Layer 2 VPN

Click the Exhibit button.

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit ?http between the trust and untrust zones that permits HTTP traffic.

When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

A. Create a custom application named http at the [edit applications] hierarchy.

B. Execute the Junos commit full command to override the error and apply the configuration.

C. Modify the security policy to use the built-in junos-http application.

D. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.